Dell PowerProtect Vulnerability Allows Root Command Execution

/HIGH /CVSS 7.2/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitycwe-20
Dell PowerProtect Vulnerability Allows Root Command Execution

The National Vulnerability Database has disclosed CVE-2026-24504, a critical vulnerability impacting Dell PowerProtect Data Domain systems. Versions 7.7.1.0 through 8.6, along with LTS releases 8.3.1.0-8.3.1.20 and 7.13.1.0-7.13.1.60, are affected. This flaw stems from improper input validation.

A high-privileged attacker with remote access could exploit this weakness to achieve arbitrary command execution with root privileges. This is a significant risk, as these systems often house sensitive backup data. Attackers gaining root access could potentially tamper with backups, exfiltrate data, or use the compromised system as a pivot point into the broader network.

Defenders must prioritize patching these Dell PowerProtect Data Domain systems immediately. Given the potential for full system compromise, a thorough audit of access controls and network segmentation around these backup appliances is also warranted. Assume compromise until proven otherwise.

What This Means For You

  • If your organization uses Dell PowerProtect Data Domain, immediately verify that your systems are patched beyond versions 7.7.1.0 through 8.6, LTS2025 8.3.1.0 through 8.3.1.20, and LTS2024 7.13.1.0 through 7.13.1.60. Given the 'root privileges' outcome, review logs for any unusual activity originating from these devices.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1059 Command and Scripting Interpreter Execution T1204.002 Malicious File Execution

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1059 Execution

CVE-2026-24504 - Dell PowerProtect Root Command Execution via Input Validation

Sigma YAML — free preview
✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Export via Bot →

Indicators of Compromise

IDTypeIndicator
CVE-2026-24504 RCE Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6
CVE-2026-24504 RCE Dell PowerProtect Data Domain LTS2025 release version 8.3.1.0 through 8.3.1.20
CVE-2026-24504 RCE Dell PowerProtect Data Domain LTS2024 release versions 7.13.1.0 through 7.13.1.60
CVE-2026-24504 Improper Input Validation Arbitrary command execution with root privileges

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedApril 20, 2026 at 20:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related Posts

wpForo Plugin Flaw Allows Arbitrary File Deletion, RCE

CVE-2026-6248 — The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to...

vulnerabilityCVEhigh-severityremote-code-executioncwe-22
/SCW Vulnerability Desk /HIGH /8.1 /⚑ 5 IOCs /⚙ 3 Sigma

CVE-2026-6060 — Denial of Service

CVE-2026-6060 — A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against...

vulnerabilityCVEmedium-severitydenial-of-servicecwe-400cwe-770
/SCW Vulnerability Desk /MEDIUM /4.5 /⚑ 3 IOCs /⚙ 1 Sigma

CVE-2026-41389 — OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce

CVE-2026-41389 — OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can...

vulnerabilityCVEmedium-severitycwe-73
/SCW Vulnerability Desk /MEDIUM /5.8 /⚑ 2 IOCs /⚙ 3 Sigma